Tutorials on PHP Code Security

Here are some tutorials on general PHP security.

It is important to always filter input and escape output in your PHP code. The tutorials below will teach you more about this. If you fail to do so, your site may be vulnerable to cross-site scripting attacks.

Be aware of some potentially dangerous PHP settings such as register_globals, allow_url_fopen, magic_quotes_gpc, and display_errors. Also take a look at the general programming code security resource page to learn about various attacks by hackers and how to prevent them.

General PHP Security

  • PHP Security on phpfreaks.com
  • PHP security audit talk - Chris Shiflett explains filtering input and escaping output in this video
  • Security risk associated with error handling

Filtering Input

  • ctype_alnum

Escaping Output

  • htmlspecialchars
  • htmlentities
  • mysql_real_escape_string - prevents SQL injection

register_globals

allow_url_fopen

  • Security issue with allow_url_fopen
  • cURL as an alternative to allow_url_fopen

Magic Quotes

  • What are Magic Quotes
  • PHP Magic Quotes

display_errors

  • Recommendation to turn display_errors off